Hi TIA In der Nachricht vom Sunday, 28 November 2021 14:20:14 CET steht:
> 1. is my splitting the network system into the three parts a good idea or > should I truncate parts 1 and 2 into the router? If you would please give > reasons - - - please? Less devices, less to setup and maintain and less to break: I would go with 1 Firewall and 1 Switch. Get a box with an SFP Port for your firewall and install OPNSense on it. Stick your fiber directly in your firewall, if your provider lets you chose and does not insist on some plastic box. If he does, then try to use it in bridge mode. Upon request, the providers over here tell what one has to do, when using a media converter (e.g. VLAN tag or PPPoE). OPNSense and pfSense are excellent firewall distributions and IPv6 is well integrated with both of them. They are almost identical, coming the same way. OPNSense is more community oriented where as pfSense drifted away to be more commercial now, but Documentation is better. PCEngines is a stable, bullet-proof hardware, it's industrial grade, lasts for ever and has a core boot BIOS. There soon will be a version with an SFP port available. You won't get Gigabit-Speed through an APU with OPNSense (around 800Mbit/s), get something with a CPU on par with a Intel N4100, if you want to be ready for gigabit speed. There are many nice boxes around without SFP ports (like the ones from AsRock industrial e.g.) but don't use Zotac nano ci329 with pfSense, it doesn't run stable (Linux in contrary runs like a charm on these). Zyxel Switches are basically OK, but you don't get security updates after some years, the interface doesn't work on all browsers and they have weird bugs (e.g. prios in RSTP together with LAGGs). You're better of with a MikroTik using SwOS. The MikroTiks boot amazingly fast, SwOS is easy to configure and they are rather cheap. You get a Desktop Switch with 2x 10GbE and 8x 1 GbE for <$100. If you want to play around with your Zyxel to install whatever on it, that's fine, but I wouldn't invest my time on that ─ better get your lab running. Opinions on the topic will go apart, you'll get tons of advice in any direction. To a certain extent it's about your personal liking. Mine you probably just read above... Regards, Adrian.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
